Privacy Protection (Or: How to Avoid Going Out of Business)

There's a security crisis in our industry. Quite simply, businesses are failing to protect their customers' privacy, and corporate information is leaking everywhere it shouldn't be. IT architects need to think seriously about how to avoid these problems. If they don't, it's going to get a lot worse: at least as bad as the 2005 CardSystems case, for example.

I humbly suggest that businesses should follow an architectural pattern of "data recentralization." I hope people don't think this notion is a radical one. Think about the privacy problem statistically for a moment. It's much easier to protect information -- to apply reasonable and appropriate business controls -- if it isn't scattered everywhere. It costs a lot less, too, to have fewer, central data stores with authentication, authorization, audit trails, and data protection (backup, disaster recovery, etc.) There will always be tension between the need for convenient, immediate access to corporate information and strong governance. However, I don't agree that these objectives are necessarily mutually exclusive. In fact, data recentralization helps promote a "single version of the truth," something that provides tremendous business value.

So why are some so-called experts totally confused about the technology solutions to this problem? Take this recent example in the trade press, which proclaimed that, "Encrypting data on a mainframe is difficult...."

Where on earth did that myth start? Fortunately, an anonymous commenter immediately stomped on that false rumor, calling that particular assertion "dangerous" even. The commenter added, "The world would be a lot safer if our financial transactions
relied exclusively on IBM mainframes, and many businesses are rushing
to do exactly that."